Friday, February 6 • 15:50 - 17:20
DNSSEC deployment from server and client side

Sign up or log in to save this to your schedule and see who's attending!

DNSSEC has been here for some time. But what it means to deploy it on the server? What is needed to keep your domain secured? There are a lot of manual and semi-automated tasks administrators need to do. This is where FreeIPA steps in and makes the deployment and maintenance of DNSSEC signed zone easy as few clicks in Web UI. Once you deployed DNSSEC on the server side, there is still some work to have your clients secured, too. Especially when using public hot-spots and networks, you should use secured DNS to eliminate man-in-the-middle attacks.

In the lab we will briefly explain how DNSSEC works. Afterwards we will deploy a signed zone using only BIND and also BIND + FreeIPA combination. We will show how FreeIPA can ease your pain with DNSSEC deployment. In the end we will try out the DNSSEC from client side using dnssec-trigger and unbound server, to keep you secured at all times.

Note: We will need at least 2 hours (2,5 maybe)

avatar for Tomas Hozza

Tomas Hozza

Associate Manager, Software Engineering, Red Hat
Tomas is an Associate Manager at Red Hat, leading a team of developers working on infrastructure-related software in RHEL and Fedora. In his free time, Tomas likes to code in Python 3 and play with various IoT devices and sensors. When he's not sitting behind the computer, he's most... Read More →

Petr Spacek

Petr is a Software Engineer at Red Hat, mainly focused on DNS and its integration to other systems. Petr’s goal is to make DNSSEC deployment as easy as running one command.

Friday February 6, 2015 15:50 - 17:20
Workshops – E105

Attendees (0)